Let's say that on a production system, a sysadmin configure /etc/sudoers with following entry:
%teens ALL=(ALL:ALL) ALL
The entry above allows teens group (which is untrusted) to execute any commands with sudo. The sysadmin
assumed that teens group knows what they are doing.